3 IT Security Questions You Should be Asking, but Aren't
By Christopher Clapp, CEO, Bluelock
The pace of IT security innovation is not set by your business’s agenda. Rather, it is set by the latest hacks, attacks and impending threats. That always-changing, fast pace is nearly impossible for organizations to keep up with while maintaining excellent service delivery of the business’s core IT functions.
IT’s “as-a-Service” capabilities have grown and matured over the past decade, enabling your business to easily consume software, infrastructure, private cloud, even disaster recovery, in an “as-a-Service” way that allows your business to use what you need, when you need it, in an on-demand, flexible delivery model. Procurement and onboarding times are shrunk to days and weeks instead of the months required with traditional services and hardware implementation, which raises the question, “How are you going to satisfy your security burden at the speed at which ‘as-a-Service’ solutions are implemented today?”
First things first: there are no shortcuts when it comes to securing your environment.
While the best partners and providers change with the market, no provider can fully take away the burden of managing that security, and it wouldn’t be responsible for you to completely give up control either. While these partners and providers become an extension of your team and help you increase your security and protection, you need to think beyond traditional IT hardware solutions and consider security holistically for your entire environment.
Here’s a consideration many companies forget until it’s too late. Are you thinking holistically about the security of your technology and your data? Think not just about your hosting environment, but also consider the security of your recovery environment. We see CIOs and CISOs increasingly asking for secure hosting and secure cloud solutions, but not enough are thinking about the entire environment. Not enough are looking for a secure recovery environment.
Are you? If not, ask yourself, “Why Not?”
Companies are just as vulnerable in their recovery environments as they are in production, but they can be just as protected as well. Unfortunately, many IT leaders don’t consider the vulnerability until it’s too late. Consider the current security threats to your recovery environment and ask yourself these three questions:
1) Would you trust your data with only basic security protections in production?
Spend your IT budget wisely and look closer at the security of your recovery environment. If you have sensitive data, would you trust your recovery environment to run your applications with basic protections, even for a short time? If you’re spending your budget on the security of your production and only using basic security protections in recovery, you may want to reconsider your DR plans.
2) Does your business continuity plan consider IT security risks in your recovery environment?
Recovery has to work to be worth its cost. Your organization, your shareholders and your customers are expecting it to work. All complexities should be considered and contemplated in advance, so that your team has confidence that it will not only work, but also maintain your security while running as production. If you’re only considering the security of your production environment, who’s to say that your recovery state is also secure?
3) Do you have a way of ensuring your security advances are up to date?
The advances in the security of your production environment should be mirrored in your recovery, but do you have a way of keeping them up to date in both environments? Gauge your confidence that your sensitive data in your recovery environment is secure and protected at the same rate you gauge your production environment.
Assuming your recovery environment is secure and protected is not enough due diligence to protect your data or your business. When a disaster strikes you should feel confident and prepared that your sensitive data is secure and protected, no matter what.
Rigorously testing your DR plan and your recovery environment will give you the confidence that your recovery will work. A good place to start is to perform a risk assessment of your organization’s current recovery environment. That assessment will show you where your organization stands today and set you up to quickly decide whether or not you’re comfortable taking on that risk.